Git
Available for: OS X Mountain Lion v10.8.4 or later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: When using the imap-send command, git did not verify
that the server hostname matched a domain name in the X.509
certificate, which allowed a man-in-the-middle attacker to spoof SSL
servers via an arbitrary valid certificate. This issue was addressed
by updating git to version 1.8.3.1.
CVE-ID
CVE-2013-0308

Xcode 5.0 is also available from the App Store. It is free to anyone
with OS X 10.8.x Mountain Lion and later.

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "5.0".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/